Topic: Introductions to New Participants

Kaspar Korjus: Started program 18 months ago to give digital identities to everyone internationally who wants one. Have done this domestically for 15 years. Already have prescriptions, many other areas using digital ids. Over 10000 eResidents so far. ✪

... most from Asia so far. Used heavily to be able to run businesses remotely.

... Have experience with both problem and solution. Want to share eResident information (if permission given) to other service providers (PayPal, BrainTree). Here to learn more about what W3C is doing and how to use existing platforms and standards, as well as to give feedback on what Estonia has done.

Topic: United Nations ID2020 Initiative

Christopher Allen: In "rebooting web of trust", top crypto people looked at what decentralized identity means. The ID2020 people were there a year ago and proposed a UN event. It will be on May 20th. First digital identity summit at UN. ✪

... one-day event. Not a design workshop, but followed by a 2-day design workshop to look at use cases from the policy people the prior day.

Christopher Allen: There are 1.8 billion people without any form of identity, and the ID2020 people want to be able to provide that for them. ✪

... One concern raised is abuse within or across countries where privacy is not paramount. Also, many approaches rely on biometrics or other info tightly tied to individuals. Just some perspectives being considered.

... (Manu summarizes results for each question and will post into IRC)

Manu Sporny: We asked "The Goals proposed by the Verifiable Claims work are good goals to pursue": 72% strongly agreeing, 28% mostly agreeing ✪

Manu Sporny: We asked "The Scope of Work and Deliverables would help address the Problem Statement": 32% strongly agree, 68% mostly agreeing ✪

Manu Sporny: We asked "My organizations verifiable claims problems would be addressed if the use cases in the Use Cases document were addressed" 28% strongly agreeing, 48% mostly agreeing, 12% neutral, 4% mostly disagreeing, other ✪

Daniel C. Burnett: Seeing strongly agreeing and mostly agreeing is good - but it's obvious on the third question that there was a reversal - first two, predominantly, but that dropped to scope of work and deliverables - haven't seen results from the questionnaire - why do people feel scope of work and deliverables didn't get "strongly agree". [scribe assist by Manu Sporny] ✪

David Ezell: Quick comment - we got some pushback from various folks on ongoing work - the specs that are a part of ISO - JCT1 - I think these specific issues ISO20111 - not an expert in these, so talked to colleagues in X9 - deeply involved in ISO but also deeply involved in payments, offered an interesting perspective - from point of view of payments folks - the ISO29000 series of work is too general to be of use to payments people. [scribe assist by Manu Sporny] ✪

David Ezell: We got some pushback about ongoing work in this space, specifically specs in ISO. I think 29191. Some colleagues involved in ISO and payments said that the 29000 work is too general to be of use. Problem for us payments folk, but if we take the time to show its relevance it may help to get them on our side. ✪

... while we do need to convince the W3C AC, there are other payments pepole who may be happy about this work.

Christopher Allen: Some of our initial uses are around ?? and travel. Funds need to be non-fungible. How can we still share credentials. We like the credentials approach. Wonder what ISO folks are thinking in this space - do they need a central authority, and if so, why? Are concerns just history here? ✪

Manu Sporny: Some of these orgs have invested much in OpenID and OpenConnect. ✪

...Also they are working on a generalized way to do this, but the documents are more legal requirements than technical specifications.

... we are focused on the technical solution here. We want alignment with legal frameworks, but that's why we are getting pushback.

Nate Otto: +1 Manu. The proposed work goes most of the way toward complete solutions and is a good foundation for later work ut doesn't solve all problems on its own. ✪

Manu Sporny: Regarding burn's question about reversal in questionnaire results for question 3. What we are proposing does not propose any sort of protocol because we didn't want to get into OpenId fight, so we are starting with syntax that anyone can use. If it becomes clear that we can't address the entire problem statement we'll go further. ✪

... this is the smallest bite we can take at this point, because including a protocol in the deliverables now will cause formal objections.

... Our problem statement alludes to lack of protocol as a problem, but since we don't propose work on it that's the issue. Note that no one is objecting. They are just commenting that it may not solve the whole problem.

David Ezell: Thanks to Chris for his post to the AC Forum. There are two levels at W3C that matter. One is purely technical. ✪

... It sometimes seems that existing companies at W3C don't want some work to happen. It may not be that there's anything wrong with a proposal, just that companies don't want it to happen for other (secret) reasons.

Christopher Allen: I'm concerned there is no commitment around selective disclosure. ✪

... I understand this may be 2.0 work, but for our community it's more important and isn't offered by other standards. In EU, I don't know how to meet their requirements without selective disclosure .

Manu Sporny: Lack of selective disclosure so far has not been a non-starter. Experts in this space know about selective disclosure and understand its importance and value. The current design enables it without going into a protocol specifiying how to do it. ✪

Shane McCarron: I am open to putting the selective disclosure requirement back into the use-cases. ✪

Shane McCarron: It only got dropped out because we were winnowing down the collection. ✪

... we have a way to only show attributes that the credential consumer is requesting. We don't require cryptographic complexity of other approaches, and we specifically don't mention it. If you want it, please propose specific text changes for the charter.

... there haven't been objections yet for selective disclosure, but we don't have solid proposals for it yet.

Christopher Allen: (Range proofs are part of open source Elements project) ✪

... we have a mechanism that does not require special crypto primitives in order to achieve sel. dis., but that would be part of the protocol which we are not doing now.

... No org so far has stated they would object because we did not include selective disclosure.

Christopher Allen: (An aside in case people don't know what a range proof is. They allow a prover to convince a verifier that a digitally committed value is a member of a given public set. A special case of this problem is when to show that the committed value lies in a specified integer range. ✪

Manu Sporny: We asked "My organizations verifiable claims problems would be addressed if the use cases in the Use Cases document were addressed"- 28% strongly agree, 48% mostly agree, 12% are neutral... ✪

Manu Sporny: We asked for use case reviews but haven't received many. Please review! ✪

Manu Sporny: We asked "My organization would participate in the following way if a Verifiable Claims Working Group were to materialize at W3C" - 28% saying "would participate and are W3C members", 16% saying "not W3C members, but would join W3C", 16% saying "not a member, but will do technical review, but not join W3C", and 36% "other" ✪

... the percentages aren't bad, but we don't have enough organizations saying they would join and participate. In particular we don't have enough committed to implement whatever we create.

... When we asked why people wouldn't participate, the answers were about money/support, or only wanting it focused more just on education. But there were few of these responses.

... FAQ, use cases, charter. Use cases doc is suffering from lack of reviews.

Christopher Allen: (I have reached out to IBM and Intel's reps to comment — will continue to prod) ✪

... We could also create a spec to use as input to a WG. Google and MSFT made comments on the public list saying they would rather have the work incubated first.

... Mike Champion (MSFT) and Chris Wilson (Google).

... They want to see what the technical proposal would be. But they are the same orgs that made the same request when the payments work was starting. We could create a spec that is what we have so far but removes the protocol pieces.

Dave Longley: They may also only be looking for that because they are browser vendors -- and there's nothing for the browsers to implement here. ✪

Shane McCarron: +1 To splitting the document and putting the limited version forward as a strawhorse ✪

Christopher Allen: I'll include them in the ping for questionnaire fill out [scribe assist by Manu Sporny] ✪

David Ezell: A catch-22 here, if you do nothing it gets shot down, if you put details it can get shot down, but there is often a happy medium that will work ✪

Dave Longley: One of the issues may be that there is nothing for the browsers to implement, so Google and MSFT may not see value. ✪

Shane McCarron: +1 To make it clear there is nothing for browsers to do. and it would be good for implementors to speak up ✪

Nate Otto: Don't know enough about the politics to evaluate risk either way. It is hard to get the right level of low-fi abstraction to not get dragged into the weeds on minutiae without the ability to respond (because it's really the job of a working group to sort out). ✪

... a related question then is who would implement, which is why Pearson and others need to respond.

Dave Longley: I think the best response would be: "Browsers don't need to implement anything --- and these orgs X, Y, and Z will be implementing and/or using." ✪

Christopher Allen: We may need to be more specific about why new blockchain technologies are needing this. Traditional solutions are not working with block chains. ✪